Fields that can be marked for QoS purposes
- IP header
- LAN trunking header
- Frame Relay header
- ATM cell header
IP Precedence and DSCP compared
The IP header is defined in RFC 791 and includes a 1-byte field called Type of Service (ToS).
The ToS byte was further subdivided, with the high-order 3 bits defined as the IP Precedence (IPP):
- Routine: Precedence 0 - 000
- Priority: Precedence 1 - 001
- Immediate: Precedence 2 - 010
- Flash: Precedence 3 - 011
- Flash Override: Precedence 4 - 100
- Critical: Precedence 5 - 101
- Internetwork Control: Precedence 6 - 110
- Network Control: Precedence 7 - 111
A series of RFCs collectively called Differentiated Services (DiffServ) came along later.
The ToS byte was renamed the Differentiated Services (DS) field, and IPP was replaced with a 6-bit field called the Differentiated Services Code Point (DSCP).
DSCP settings and terminology
Several DiffServ RFCs suggest a set of values to use in the DSCP field, together with the recommended QoS behavior associated with each value, called a Per-Hop Behavior (PHB).
Class selector PHB and DSCP values
IPP overlaps with the first 3 bits of the DSCP.
RFC 2475 defines a set of DSCP values and PHBs, called Class Selector (CS) PHBs, that provide backward compatibility with IPP (DSCP binary - IPP binary - IPP name):
- Default/CS0: 000000 - 000 - Routine
- CS1: 001000 - 001 - Priority
- CS2: 010000 - 010 - Immediate
- CS3: 011000 - 011 - Flash
- CS4: 100000 - 100 - Flash Override
- CS5: 101000 - 101 - Critical
- CS6: 110000 - 110 - Internetwork Control
- CS7: 111000 - 111 - Network Control
Packets with a larger CS value should be given better queuing preference.
Assured Forwarding PHBs and DSCP values
AF defines four classes (1-4) for queuing purposes, with three levels (1-3) of drop precedence inside each queue.
Classes with a higher value get better queuing treatment.
A higher drop-precedence level means a higher probability of being dropped.
The DSCP values, listed per class for drop precedence 1, 2 and 3:
- AF11, AF12, AF13: 001010, 001100, 001110
- AF21, AF22, AF23: 010010, 010100, 010110
- AF31, AF32, AF33: 011010, 011100, 011110
- AF41, AF42, AF43: 100010, 100100, 100110
Expedited Forwarding PHB and DSCP values
Packets marked as EF should be given queuing preference so that they experience minimal latency, but they should also be policed so that they do not consume all the bandwidth on the link or starve other queues.
The DSCP value defined for EF is binary 101110 (class 5, EF53).
Ethernet LAN Class of Service
Ethernet supports a 3-bit QoS marking field when using either an 802.1q or ISL trunking header.
802.1q defines its QoS field as the 3 most-significant bits of the 2-byte Tag Control field.
ISL defines the 3 least-significant bits from the 1-byte User field.
Generally speaking, these 3 bits are called the Class of Service (CoS).
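As an added example (not from the page and not Cisco code), the following Python script builds a constructed 802.1Q-tagged IPv4 frame and pulls out the fields described above: the 3-bit CoS from the top of the Tag Control field, the IPP and DSCP from the DS byte, and the PHB name (CSx, AFxy or EF) that the DSCP encodes. The MAC addresses, IP addresses and frame bytes are made up for the example; the decoder also rejects untagged or truncated frames instead of reading garbage as a marking.

```python
import struct

# Constructed sample frame: Ethernet II + 802.1Q tag + minimal IPv4 header.
# Every byte is built here for the example; nothing is captured traffic.

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_tagged_ipv4_frame(cos, vlan_id, dscp, ecn=0):
    """Build a constructed 802.1Q-tagged frame carrying a 20-byte IPv4 header."""
    dst = bytes.fromhex("010203040506")          # made-up destination MAC
    src = bytes.fromhex("0a0b0c0d0e0f")          # made-up source MAC
    tci = (cos << 13) | (vlan_id & 0x0FFF)       # PCP = 3 high-order bits of the TCI
    tos = (dscp << 2) | (ecn & 0x3)              # DS field = 6-bit DSCP + 2-bit ECN
    ipv4 = struct.pack("!BBHHHBBH4s4s",
                       0x45, tos, 20, 0, 0, 64, 17, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return (dst + src
            + struct.pack("!HH", TPID_8021Q, tci)
            + struct.pack("!H", ETHERTYPE_IPV4)
            + ipv4)


def dscp_to_phb(dscp):
    """Map a 6-bit DSCP to its standard PHB name (CSx, AFxy, EF) or a raw value."""
    if dscp == 0b101110:
        return "EF"
    cls = dscp >> 3            # high-order 3 bits: the IPP-compatible class
    low = dscp & 0b111
    if low == 0:
        return "CS%d" % cls    # CS0 is also called "default"
    # AF classes 1-4 use low-order bits 010, 100, 110 for drop precedence 1-3
    if 1 <= cls <= 4 and low in (0b010, 0b100, 0b110):
        return "AF%d%d" % (cls, low >> 1)
    return "DSCP %d" % dscp


def parse_qos_markings(frame):
    """Return CoS (802.1Q PCP), VLAN ID, IPP, DSCP, ECN and PHB name of a tagged IPv4 frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    ethertype = struct.unpack("!H", frame[16:18])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("payload is not IPv4")
    cos = tci >> 13                  # 3 most-significant bits of the 2-byte TCI
    vlan_id = tci & 0x0FFF
    ip = frame[18:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    tos = ip[1]
    dscp = tos >> 2
    return {
        "cos": cos,
        "vlan_id": vlan_id,
        "ipp": tos >> 5,             # IPP: high-order 3 bits of the old ToS byte
        "dscp": dscp,
        "ecn": tos & 0x3,
        "phb": dscp_to_phb(dscp),
    }


if __name__ == "__main__":
    for cos, dscp in ((5, 0b101110), (3, 0b011000), (2, 0b010100), (0, 0)):
        print(parse_qos_markings(build_tagged_ipv4_frame(cos, 100, dscp)))
```

Running the script prints one dictionary per constructed frame; note that the IPP value is always the top three bits of the DSCP, which is exactly the overlap the CS PHBs rely on.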
WAN marking fields
Frame Relay uses the Discard Eligibility (DE) bit. Frames with DE set to 1 are eligible to be dropped first under congestion.
ATM uses the Cell Loss Priority (CLP) bit. Cells with CLP set to 1 are eligible to be dropped first under congestion.
MPLS uses a 3-bit field called Experimental (EXP) for general QoS marking.
Locations for marking and matching
- For IPP and DSCP: on edge devices.
- For CoS, DE, CLP and EXP:
  - For classification: on ingress interfaces.
  - For marking: on egress interfaces.
Cisco Modular QoS CLI
MQC is a common set of configuration commands to configure many QoS features in a router or switch.
MQC-based tools can be identified by name: they all begin with the phrase "Class-Based" (CB):
- CB Marking
- CB Weighted Fair Queuing (CBWFQ)
- CB Policing
- CB Shaping
- CB Header Compression
Mechanics of MQC
There are three major commands with MQC:
- The class-map command defines the matching parameters.
- The PHB actions (marking, queuing, ...) are configured under the policy-map.
- The policy map is enabled on an interface by using the service-policy command.
Classification using class maps
- The match command has many options for matching packets (QoS fields, ACLs, MACs, ...).
- Class-map names are case sensitive.
- The match protocol command means that IOS uses Network Based Application Recognition (NBAR) to perform the match.
- The match any command matches any packet.
- CEF is required for CB Marking.
ip cef
class-map match-all myclass1
 match ip rtp 16384 16383   ! (16384-32767)
class-map match-all myclass2
 match any
policy-map mypolicy
 class myclass1
  set dscp EF
 class myclass2
  set dscp default
interface fa0/0
 service-policy output mypolicy
Using multiple match commands
- Up to four (CoS and IPP) or eight (DSCP) values can be listed on a single match cos, match precedence or match dscp command.
- If a class map has multiple match commands in it, the match-any or match-all (default) keyword defines a logical OR or a logical AND between the match commands.
- The match class _name_ command refers to another class map by name.
Classification using NBAR
NBAR can look past the UDP and TCP header and refer to the host name, URL or MIME type in HTTP requests.
You can upgrade NBAR without changing to a later IOS version. Cisco uses a feature called Packet Description Language Modules (PDLM) to define new protocols that NBAR should match:
ip nbar pdlm _pdlm-name_
Class-Based Marking (CB Marking) configuration
- A CB Marking policy map is processed sequentially; once a packet has matched a class, it is marked based on the set commands of that class.
- You can configure multiple set commands in one class to set multiple fields.
- Packets that do not explicitly match a defined class are considered to have matched a special class called class-default.
- For any class inside the policy map for which there is no set command, packets in that class are not marked.
Available set commands:
- set [ip] precedence _value_
- set [ip] dscp _value_
- set cos _value_
- set qos-group _id_   ! Marks the group identifier for the QoS group
- set atm-clp
- set fr-de
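To make the class-map/policy-map semantics from the two preceding sections concrete (sequential evaluation, first match wins, match-all as AND versus match-any as OR, and the implicit class-default), here is an added Python model of the classify-then-mark pipeline. It is not IOS code and not from the page; the Packet type, the predicate helpers, the eight-value limit check and the sample packets are constructed for the example. It reproduces the page's mypolicy, where re-marking everything that is not RTP to the default DSCP is what enforces the trust boundary on that interface: a host that sets EF on its own web traffic leaves the interface with DSCP 0. The even-port rule in match_ip_rtp mirrors how IOS matches RTP media (RTCP runs on the odd ports).

```python
from dataclasses import dataclass, field, replace

# Constructed model of MQC classify-then-mark behaviour (not IOS code).
# Packets and helper names below are made up for the example.


@dataclass
class Packet:
    proto: str        # "udp" or "tcp"
    dst_port: int
    dscp: int         # DSCP as received, whether or not the sender was trusted


# One predicate per "match ..." statement ------------------------------------------

def match_ip_rtp(start, port_range):
    """match ip rtp <start> <range>: even UDP ports start..start+range (RTP media, not RTCP)."""
    def pred(pkt):
        return (pkt.proto == "udp"
                and start <= pkt.dst_port <= start + port_range
                and pkt.dst_port % 2 == 0)
    return pred


def match_dscp(*values):
    """match dscp <v1> [... v8]: at most eight values on one statement."""
    if not 1 <= len(values) <= 8:
        raise ValueError("match dscp takes between one and eight values")
    return lambda pkt: pkt.dscp in values


def match_any():
    return lambda pkt: True


def match_class(cmap):
    """match class <name>: refer to another class map by name."""
    return cmap.matches_packet


# class-map: match-all (AND, the default) or match-any (OR) across its statements ---

@dataclass
class ClassMap:
    name: str                  # case sensitive, like IOS class-map names
    matches: list
    match_all: bool = True

    def matches_packet(self, pkt):
        combine = all if self.match_all else any
        return combine(m(pkt) for m in self.matches)


# policy-map: classes are tried in order, first match wins, then its set commands run

@dataclass
class PolicyMap:
    name: str
    classes: list = field(default_factory=list)          # [(ClassMap, {"dscp": 46}), ...]
    default_actions: dict = field(default_factory=dict)  # the implicit class-default

    def apply(self, pkt):
        """Return (class name, marked copy of pkt); a class with no set leaves pkt unmarked."""
        for cmap, actions in self.classes:
            if cmap.matches_packet(pkt):
                return cmap.name, _apply_set(pkt, actions)
        return "class-default", _apply_set(pkt, self.default_actions)


def _apply_set(pkt, actions):
    marked = replace(pkt)              # never mutate the caller's packet
    if "dscp" in actions:
        marked.dscp = actions["dscp"]
    return marked


EF, DEFAULT = 46, 0


def build_page_policy():
    """The page's mypolicy: RTP voice -> EF, everything else re-marked to default (0)."""
    voice = ClassMap("myclass1", [match_ip_rtp(16384, 16383)])
    other = ClassMap("myclass2", [match_any()])
    return PolicyMap("mypolicy", [(voice, {"dscp": EF}), (other, {"dscp": DEFAULT})])


def run_policy(policy, packets):
    return [policy.apply(p) for p in packets]


if __name__ == "__main__":
    samples = [
        Packet("udp", 16384, dscp=0),    # RTP media, unmarked by the phone
        Packet("tcp", 443, dscp=46),     # a host that set EF on its own web traffic
        Packet("udp", 16385, dscp=0),    # odd port: RTCP, not RTP media
    ]
    for cls, pkt in run_policy(build_page_policy(), samples):
        print(cls, pkt)
```

The model also shows the other rule from the page: a PolicyMap whose matching class (or class-default) has no set action returns the packet with its incoming marking untouched, which is why a catch-all class with an explicit set dscp default is what you need when the ingress side is not trusted.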
CB Marking design choices
Mark as close to the ingress edge of the network as possible, but not so close to the edge that the marking is made by an untrusted device.
RFC-recommended values for marking (CoS, IPP, DSCP):
- Voice payload: 5, 5, EF
- Video payload: 4, 4, AF41
- Voice/video signaling: 3, 3, CS3
- Mission-critical data: 3, 3, AF31/AF32/AF33
- Transactional data: 2, 2, AF21/AF22/AF23
- Bulk data: 1, 1, AF11/AF12/AF13
- Best effort: 0, 0, BE
- Scavenger: 0, 0, 2/4/6
QoS pre-classification
With VPN traffic, the only thing we have to work with is the ToS byte of the original packet, which is automatically copied to the tunnel header (IPsec transport mode, IPsec tunnel mode and GRE).
But features like NBAR no longer work, because the original headers are hidden inside the tunnel.
Cisco IOS includes a feature called QoS pre-classification that can be enabled on VPN endpoint routers; it keeps a copy of the original packet in memory until the egress QoS actions are taken:
- GRE and IPIP: interface tunnel
- L2F and L2TP: interface virtual-template
- IPsec: crypto map
AutoQoS
AutoQoS is a macro that helps automate class-based QoS configuration using best-practice recommendations.
There are two flavors: AutoQoS for VoIP and for the Enterprise.
To verify the AutoQoS configuration use:
- show auto qos
- show mls qos
- show policy-map interface
- show auto discovery qos
AutoQoS for VoIP
Provides both global and interface QoS configuration for voice and video applications.
It is supported on routers and switches.
When enabled on access ports, AutoQoS uses CDP to detect the presence of a Cisco phone or softphone:
- auto qos voip {cisco-phone | cisco-softphone}
- Normal traffic is treated as best effort.
- For phone traffic, the switch trusts the QoS markings it receives.
When enabled on a trunk or uplink, it trusts the CoS or DSCP values received:
- auto qos voip trust
AutoQoS for the Enterprise
Provides both global and interface QoS configuration for voice, video and other network applications.
It is supported on routers.
The command to enable traffic discovery is auto discovery qos [trust], configured at the interface, DLCI or PVC level.
Use the trust keyword if you trust the traffic that is already marked, because the AutoQoS policies will use those markings during the configuration stage.
The router classifies the collected traffic into one of ten classes:
- Routing: CS6 - EIGRP, OSPF
- VoIP: EF - RTP voice media
- Interactive video: AF41 - RTP video media
- Streaming video: CS4 - Real audio, Netshow
- Control: CS3 - RTCP, H323, SIP
- Transactional: AF21 - SAP, Citrix, Telnet, SSH
- Bulk: AF11 - FTP, SMTP, POP3, Exchange
- Scavenger: CS1 - P2P applications
- Management: CS2 - SNMP, Syslog, DHCP, DNS
- Best effort: Default - all other applications
Finally, configure the auto qos command and disable the traffic discovery.